Cyber Resilience

CVE-2026-20205

Severity: High
Published: 15 April 2026
Modified: 17 April 2026
KEV Added: not listed
Patch: available (Splunk MCP Server 1.0.3 or later)
CVSS Score (v3.1): 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (17.8th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-20205 is a high-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in the Splunk MCP Server app (affected product inferred from references). Its CVSS v3.1 base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001). EPSS places it at the 17.8th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and AU-9 (Protection of Audit Information).

Deeper analysis

CVE-2026-20205 affects Splunk MCP Server app versions below 1.0.3. The app writes users' session and authorization tokens into Splunk's internal logs in clear text (CWE-532, Insertion of Sensitive Information into Log File), so anyone who can read those logs, which are indexed into _internal, can see other users' tokens. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H): the high privileges required (PR:H) keep the score below critical, but the confidentiality, integrity and availability impacts are all rated high.

Exploitation requires a role with search access to the Splunk _internal index, the high-privilege capability mcp_tool_admin, or local read access to the log files on the host; by default only the admin role has any of these. Against a default deployment the attacker is therefore already an administrator, so the practical exposure is any non-admin role that has been granted _internal access (a common troubleshooting grant) or mcp_tool_admin, and any account or process that can read the host's log files. A harvested token lets that user act as the token's owner without knowing the password, enabling unauthorized access, data manipulation or denial of service, which is what the high confidentiality, integrity and availability impacts in the CVSS score reflect.

The Splunk advisory SVD-2026-0407 (https://advisory.splunk.com/advisories/SVD-2026-0407) recommends upgrading to version 1.0.3 or later and reviewing roles and capabilities so that access to the _internal index is restricted to administrator-level roles only. Note that the upgrade stops new tokens from being logged but does not remove events that vulnerable versions already indexed, so tokens present in existing _internal data (and in any copies forwarded elsewhere) should be treated as exposed and revoked. Additional guidance is available in the Splunk documentation on defining roles with capabilities and on MCP Server admin settings.

Vulnerability details

In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users' session and authorization tokens in clear text.

The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives.

Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Connecting to MCP Server and Admin settings](https://help.splunk.com/en/splunk-enterprise/mcp-server-for-splunk-platform/connecting-to-mcp-server-and-admin-settings) in the Splunk documentation for more information.
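The role review recommended above (in the deeper analysis and in the vendor's details) is easy to do by hand on a small instance and easy to get wrong on a large one, because a role can inherit `_internal` access from an imported role and because Splunk's index wildcards treat internal indexes specially. The following script is an added example, not Splunk's or the advisory's own code. It takes the JSON returned by `GET /services/authorization/roles?output_mode=json` and reports every non-admin role that can read `_internal` (directly, via the `_*` wildcard, or through an imported role) or that holds `mcp_tool_admin`. The sample response embedded in it is constructed; the field names (`srchIndexesAllowed`, `capabilities`, `imported_roles`) and the wildcard rule that a plain `*` does not cover underscore-prefixed internal indexes are assumptions taken from Splunk's REST and role documentation, and the `ADMIN_ROLES` allow-list is a placeholder to adjust for your deployment.

```python
"""Audit Splunk roles for the access that exposes CVE-2026-20205.

Added example (not Splunk's or the advisory's code). Feed it the JSON body of
GET /services/authorization/roles?output_mode=json; it flags non-admin roles
that can read _internal or hold mcp_tool_admin. Field names are assumed from
the Splunk REST API; the sample below is constructed.
"""
import fnmatch
import json

SENSITIVE_INDEX = "_internal"
SENSITIVE_CAPABILITY = "mcp_tool_admin"
ADMIN_ROLES = {"admin", "sc_admin"}  # placeholder: roles expected to have this access

# Constructed sample of the roles endpoint, trimmed to the fields used.
SAMPLE_ROLES_JSON = json.dumps({
    "entry": [
        {"name": "admin", "content": {
            "srchIndexesAllowed": ["*", "_*"],
            "capabilities": ["admin_all_objects", "mcp_tool_admin"],
            "imported_roles": []}},
        {"name": "user", "content": {
            "srchIndexesAllowed": ["main"],
            "capabilities": ["search"],
            "imported_roles": []}},
        {"name": "power", "content": {
            "srchIndexesAllowed": ["*"],  # '*' alone excludes internal indexes
            "capabilities": ["search", "schedule_search"],
            "imported_roles": ["user"]}},
        {"name": "soc_triage", "content": {
            "srchIndexesAllowed": ["security", "_internal"],  # troubleshooting grant
            "capabilities": ["search"],
            "imported_roles": ["user"]}},
        {"name": "mcp_operator", "content": {
            "srchIndexesAllowed": [],
            "capabilities": ["mcp_tool_admin"],
            "imported_roles": ["user"]}},
        {"name": "helpdesk", "content": {
            "srchIndexesAllowed": ["helpdesk"],
            "capabilities": ["search"],
            "imported_roles": ["soc_triage"]}},  # inherits _internal via import
    ]
})


def pattern_grants(pattern: str, index: str) -> bool:
    """Index allow-list semantics assumed from the Splunk docs: a pattern that
    does not start with '_' never matches an internal (underscore) index, so
    '*' does not grant _internal while '_*' and '_internal' do."""
    if index.startswith("_") and not pattern.startswith("_"):
        return False
    return fnmatch.fnmatchcase(index, pattern)


def load_roles(raw_json: str) -> dict:
    """Map role name -> (allowed index patterns, capabilities, imported roles)."""
    roles = {}
    for entry in json.loads(raw_json)["entry"]:
        c = entry["content"]
        roles[entry["name"]] = (
            list(c.get("srchIndexesAllowed", [])),
            set(c.get("capabilities", [])),
            list(c.get("imported_roles", [])),
        )
    return roles


def effective(roles: dict, name: str, seen=None):
    """Resolve index patterns and capabilities transitively through imported
    roles; 'seen' guards against import cycles and diamond imports."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:
        return [], set()
    seen.add(name)
    patterns, caps, imports = roles[name]
    patterns, caps = list(patterns), set(caps)
    for parent in imports:
        p, c = effective(roles, parent, seen)
        patterns += p
        caps |= c
    return patterns, caps


def audit(raw_json: str) -> dict:
    """Return {role: [reasons]} for non-admin roles that can read _internal or
    hold mcp_tool_admin, the two conditions the advisory names."""
    roles = load_roles(raw_json)
    findings = {}
    for name in roles:
        if name in ADMIN_ROLES:
            continue
        patterns, caps = effective(roles, name)
        reasons = []
        hits = [p for p in patterns if pattern_grants(p, SENSITIVE_INDEX)]
        if hits:
            reasons.append(f"reads {SENSITIVE_INDEX} via {sorted(set(hits))}")
        if SENSITIVE_CAPABILITY in caps:
            reasons.append(f"holds {SENSITIVE_CAPABILITY}")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for role, why in audit(SAMPLE_ROLES_JSON).items():
        print(f"{role}: {'; '.join(why)}")
```

On the constructed sample the script flags `soc_triage` (direct `_internal` grant), `helpdesk` (inherits it from `soc_triage`) and `mcp_operator` (holds `mcp_tool_admin`), and correctly leaves `power` alone even though it has `*`. Each flagged role is one to either strip of the grant or move into the administrator tier, and any tokens its members could already have read from `_internal` should be revoked.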

CWE(s)

CWE-532 Insertion of Sensitive Information into Log File

AI Security Analysis

AI Category
AI Agent Protocols and Integrations
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise Techniques

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
T1550.001 Application Access Token Lateral Movement
Adversaries may use stolen application access tokens to bypass the typical authentication process and access restricted accounts, information, or services on remote systems.
Why these techniques?

Insecure logging exposes tokens (T1552.001); enables token-based account impersonation (T1550.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31987 (shared CWE-532)
CVE-2026-24762 (shared CWE-532)
CVE-2024-7577 (shared CWE-532)
CVE-2026-34487 (shared CWE-532)
CVE-2025-1075 (shared CWE-532)
CVE-2026-27900 (shared CWE-532)
CVE-2025-30205 (shared CWE-532)
CVE-2026-23775 (shared CWE-532)
CVE-2026-25193 (shared CWE-532)
CVE-2026-44516 (shared CWE-532)

Affected Assets

Splunk
MCP Server
Product inferred from the references and description; NVD has not filed a CPE for this CVE.

Mitigating Controls (NIST 800-53 r5)

Prevent (patch): Remediates the insecure logging of clear-text session and authorization tokens by upgrading Splunk MCP Server to version 1.0.3 or later.

Prevent (AC-6 Least Privilege): Enforces least privilege by restricting access to the Splunk _internal index and the mcp_tool_admin capability to administrator-level roles only, preventing unauthorized viewing of sensitive tokens.

Prevent (AU-9 Protection of Audit Information): Protects audit information in the Splunk _internal index logs from unauthorized access, directly mitigating exposure of clear-text user session and authorization tokens.

References